<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-us" lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta name="DC.Type" content="reference"/>
<meta name="DC.Title" content="New and Noteworthy"/>
<meta name="abstract" content="Here are descriptions of some of the more interesting or significant changes made to Eclipse Memory Analyzer for the 1.10 release."/>
<meta name="description" content="Here are descriptions of some of the more interesting or significant changes made to Eclipse Memory Analyzer for the 1.10 release."/>
<meta name="copyright" content="Copyright (c) 2008, 2020 SAP AG, IBM Corporation and others. All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse Public License v1.0 which accompanies this distribution, and is available at http://www.eclipse.org/legal/epl-v10.html " type="primary"/>
<meta name="DC.Rights.Owner" content="Copyright (c) 2008, 2020 SAP AG, IBM Corporation and others. All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse Public License v1.0 which accompanies this distribution, and is available at http://www.eclipse.org/legal/epl-v10.html " type="primary"/>
<meta name="DC.Format" content="XHTML"/>
<meta name="DC.Identifier" content="ref_noteworthy"/>
<meta name="DC.Language" content="en-us"/>
<link rel="stylesheet" type="text/css" href="styles/commonltr.css"/>
<title>New and Noteworthy</title>
</head>
<body id="ref_noteworthy">


	<h1 class="title topictitle1">New and Noteworthy</h1>

	
	
	<div class="body refbody"><p class="shortdesc">Here are descriptions of some of the more interesting or
		significant changes made to <span class="keyword">Eclipse Memory Analyzer</span> for the 1.10 release.
	</p>

		<div class="section"><h2 class="title sectiontitle">Enhancements and fixes</h2>
			
			<ul class="ul">
			<li class="li">The parsing of HPROF dumps is now multi-threaded which should improve the speed at
			which dumps are parsed on multi-cored machines.</li>

			<li class="li">The HPROF parser has been enhanced to let it directly read HPROF dumps compressed with Gzip or in the gzip file format.</li>

			<li class="li">Object Query Language programming has been improved.</li>

			<li class="li">The Leak Suspects report has been improved for the case where the leak suspect includes
			multiple suspect objects.</li>

			</ul>

		</div>

		<div class="section"><h2 class="title sectiontitle">Fix details</h2>
			
			<ul class="ul">


			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=277422">277422</a> Nice if heap parsing was multi-threaded</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=297052">297052</a> HTML tree reports are not expanded for leak suspects</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=438844">438844</a> Add ability to load a zipped hprof</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=442315">442315</a> Java_version error when using Java Collections tools on HashMaps</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=536920">536920</a> Provide extra links for top components report</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=551820">551820</a> Update version to 1.10.0</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=552879">552879</a> OQL enhancements for sub-selects, maps, context providers, DISTINCT</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=552917">552917</a> org.eclipse.mat.ibmdumps project classpath issue</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=553312">553312</a> infinite loop in the export hprof feature from "ParseHeapDump.bat" on multi-segment dumps</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=559247">559247</a> OQL method call improvements</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=559273">559273</a> Java 11 collection class updates</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=559538">559538</a> p2 repo configuration for mirrors and download statistics</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=559905">559905</a> Code tidy up</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=560295">560295</a> ArrayIndexOutOfBoundsException in ObjectMarker.markMultiThreaded</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=560384">560384</a> Eclipse.OSGi Bundle explorer extension point problems</li>


			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=551214">551214</a> Add documentation about post-processed J9 JVM finalizer roots</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=552670">552670</a> Add documentation for display of bytes in KB, MB, GB or Smart formats</li>


			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=324967">324967</a> Hide queries which are not relevant</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=417467">417467</a> Reports fail to display after report generation completes</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=445180">445180</a> reports fail without information</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=545754">545754</a> OQL syntax highlighting sometimes doesn't highlight keywords</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=548441">548441</a> Overview background doesn't match Eclipse</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=551552">551552</a> Exception running query with no editor open</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=551971">551971</a> Reports not rendered in MAT</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=552621">552621</a> Batch processing improvements</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=559255">559255</a> MAT Calcite results can't be added to the compare basket</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=559284">559284</a> Hovering over overview pie slice throws an exception</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=559873">559873</a> OutOfMemoryError when selecting large totals row</li>

			<li class="li">Fix for <a class="xref" href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=560005">560005</a> NullPointerException in PatternFilter</li>


			</ul>

		</div>


		<div class="section"><h2 class="title sectiontitle">Security fixes</h2>
			
			Memory Analyzer 1.10 includes the security fixes first included in Memory Analyzer 1.9.2.
			We highly recommend users of Eclipse Memory Analyzer version 1.9.1 or earlier to update to version 1.10.0 (or 1.9.2) or subsequent versions.
			<dl class="dl">
				
					<dt class="dt dlterm"><a class="xref" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17634">CVE-2019-17634</a></dt>

						<dd class="dd"><dl class="dl">
							
								<dt class="dt dlterm">PROBLEMTYPE</dt>

								<dd class="dd">CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</dd>

							
							
								<dt class="dt dlterm">DESCRIPTION</dt>

								<dd class="dd">Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose to download, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present when a report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system when the report is opened in Memory Analyzer.</dd>

							
						</dl>
</dd>

				
				
					<dt class="dt dlterm"><a class="xref" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17635">CVE-2019-17635</a></dt>

						<dd class="dd"><dl class="dl">
							
								<dt class="dt dlterm">PROBLEMTYPE</dt>

								<dd class="dd">CWE-502: Deserialization of Untrusted Data</dd>

							
							
								<dt class="dt dlterm">DESCRIPTION</dt>

								<dd class="dd">Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system.</dd>

							
						</dl>
</dd>

				
			</dl>

		</div>

		<div class="section"><h2 class="title sectiontitle">New and Noteworthy for Memory Analyzer 1.9</h2>
			
			<p class="p">
				The New and Noteworthy document for version 1.9 is available 
				<a class="xref" href="http://www.eclipse.org/mat/1.9.0/noteworthy.html">here</a>.
			</p>

		</div>

	</div>


</body>
</html>